Trial, posted December 20, 2022

Hello,

So I have shared this fix with someone a few days ago and saw this morning that martysama has published it on his blog. I let you know before kids with "private" access to this start playing with it. (I do not have access to martysama's blog member posts and do not know who does)

The "pc_change_name" function has an exploitable item duplication bug.

The fix is simple, in "pc_change_name" replace this code:

    db_clientdesc->DBPacketHeader(HEADER_GD_FLUSH_CACHE, 0, sizeof(DWORD));
    db_clientdesc->Packet(&pid, sizeof(DWORD));

with this:

    if (!CHARACTER_MANAGER::instance().FlushDelayedSave(ch))
    {
        ch->SaveReal();
    }

I will edit this post to add details on how and why later on to avoid kids playing with it before it's patched on the majority of servers.

Regards,

martysama0134 (Honorable Member), posted December 20, 2022 (edited)

> 1 hour ago, Trial said:
> saw this morning that martysama has published it on his blog.

People may misunderstand: Someone used this exploit in a pserver, and the game admin asked many people for help (I suppose).

Replacing the Flush Cache packet to Save() is enough. It's exactly the same bug ShopEx had years ago in a specific mainline branch.

Edited December 20, 2022 by VegaS™: Removed the how-to part

Trial (Author), posted December 20, 2022 (edited)

> 2 hours ago, martysama0134 said:
> People may misunderstand: Someone used this exploit in a pserver, and the game admin asked many people for help (I suppose).
> Replacing the Flush Cache packet to Save() is enough. It's exactly the same bug ShopEx had years ago in a specific mainline branch.

Sorry if there was any confusion, I was just mentioning the fact that it was posted on your blog. And yes this is the same game admin I gave this fix to, don't know why he asked you about this as it was fixed, anyway.

I suggest you remove the "how to" part from your screenshots as it may still be too early, I will edit my initial post about details soon.

Edited December 20, 2022 by Trial: removed how-to part from citation

[007]DawisHU, posted December 20, 2022 (edited)

My reply was deleted??? For why??

Hi @Trial

BIG THANKS for sharing it. I have a Premium Offline Shop by @Rakancito. But sadly this system is totally bugged, and has a lot of core crashes. Finally fixed.

Thanks again!

Edited December 20, 2022 by Metin2 Dev (Core X - External 2 Internal)

martysama0134 (Honorable Member), posted December 20, 2022

> 2 hours ago, [007]DawisHU said:
> Finally fixed.

How is that offline shop related to this? Does it use the FLUSH_CACHE packet?

[007]DawisHU, posted December 20, 2022 (edited)

> 10 minutes ago, martysama0134 said:
> How is that offline shop related to this? Does it use the FLUSH_CACHE packet?

Yes, it is using it. If you look a little closer, some code is bugged and useless...

Link: [hidden content]

Excuse me for my bad English..

Edited December 20, 2022 by Metin2 Dev (Core X - External 2 Internal)

Trial (Author), posted December 20, 2022

> 1 hour ago, [007]DawisHU said:
> Yes, it is using it. If you look a little closer, some code is bugged and useless...
> Link: [hidden content]
> Excuse me for my bad English..

What the.. Anyway, glad it helped!

Trial (Author), posted December 22, 2022 (edited)

Since I can't edit the original post (?) here are some explanations for those who are interested in the details:

Sending "HEADER_GD_FLUSH_CACHE" packet to db flushes db cache for the player. This updates database "player.item" table with current item cache (from db process) at the time of changing name.

You may have already guessed it, if for example you give items in exchange to other players and then change your name then teleport to any map that is on a different game core you will still have these items! Why? The cache! You just flushed cache in db process but did not let the db know about the change of owner for exchanged items before doing so and your next login will load these items from database for you.

You need to warp to another game core for this to work because same ID items cannot be loaded twice, there is a check in "ITEM_MANAGER::CreateItem".

(Obviously only works for items loaded from database into db process cache then sent to game in "HEADER_DG_ITEM_LOAD" packet as this cache is needed to update database when changing name)

DB Cache should never be flushed manually, better let the normal cache handling process do its work.

Edited December 23, 2022 by Trial

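Added example, not part of Trial's post or of the server source: a simplified two-tier write-back model of the ordering problem described above, showing why pushing the game core's pending saves (the fix) keeps one owner per item while flushing the stale db cache does not. `GameCore`, `DbProcess`, `holdersAfterRename` and all ids are hypothetical, and the model assumes ownership changes sit in a delayed-save queue until the game core sends them.

```cpp
// Simplified model added for illustration; not the server's code, all names hypothetical.
#include <cstdint>
#include <map>
#include <vector>
using Id = std::uint32_t;

struct DbProcess {
    std::map<Id, Id> cache;  // db-process item cache: item id -> owner pid
    std::map<Id, Id> table;  // persisted rows, standing in for player.item
    void save(Id item, Id owner) { cache[item] = owner; }
    // Persist and evict this player's cached rows exactly as the cache holds them.
    void flush(Id pid) {
        for (auto it = cache.begin(); it != cache.end();) {
            if (it->second == pid) { table[it->first] = pid; it = cache.erase(it); }
            else { ++it; }
        }
    }
    // Items a fresh login on another core receives (cache overrides table).
    std::vector<Id> load(Id pid) const {
        std::map<Id, Id> view = table;
        for (const auto& kv : cache) view[kv.first] = kv.second;
        std::vector<Id> out;
        for (const auto& kv : view) if (kv.second == pid) out.push_back(kv.first);
        return out;
    }
};

struct GameCore {
    std::map<Id, Id> pending;  // delayed saves the db process has not seen yet
    void trade(Id item, Id to) { pending[item] = to; }
    void saveReal(DbProcess& db) {  // push pending state first, as the fix does
        for (const auto& kv : pending) db.save(kv.first, kv.second);
        pending.clear();
    }
};

// Holders of item 1 after player 100 trades it to 200, renames, and reloads
// on a second core. 1 means ownership is conserved, 2 means it is duplicated.
int holdersAfterRename(bool saveBeforeReload) {
    DbProcess db; db.table[1] = 100; db.cache[1] = 100;  // item loaded at login
    GameCore core;
    core.trade(1, 200);
    if (saveBeforeReload) core.saveReal(db);  // fixed ordering
    else db.flush(100);                       // original: flush the stale cache
    int holders = 1;                          // player 200 holds it in game memory
    for (Id id : db.load(100)) if (id == 1) ++holders;
    return holders;
}

int main() { return (holdersAfterRename(true) == 1 && holdersAfterRename(false) == 2) ? 0 : 1; }
```

The same one-owner-per-item check can serve as a regression test for any other code path that reloads a character's items.
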
Ulas (Active Member), posted December 25, 2022

> On 12/20/2022 at 4:00 PM, Trial said:
> Hello,
> So I have shared this fix with someone a few days ago and saw this morning that martysama has published it on his blog. I let you know before kids with "private" access to this start playing with it. (I do not have access to martysama's blog member posts and do not know who does)
> The "pc_change_name" function has an exploitable item duplication bug.
> The fix is simple, in "pc_change_name" replace this code:
>
>     db_clientdesc->DBPacketHeader(HEADER_GD_FLUSH_CACHE, 0, sizeof(DWORD));
>     db_clientdesc->Packet(&pid, sizeof(DWORD));
>
> with this:
>
>     if (!CHARACTER_MANAGER::instance().FlushDelayedSave(ch))
>     {
>         ch->SaveReal();
>     }
>
> I will edit this post to add details on how and why later on to avoid kids playing with it before it's patched on the majority of servers.
> Regards,

Can you add proof please. I want to show the problem.

WeedHex (Premium), posted December 25, 2022

> 21 minutes ago, Ulas said:
> Can you add proof please. I want to show the problem.

Are you one of the kids who @Trial was talking about?

Ulas (Active Member), posted December 25, 2022

> 1 hour ago, WeedHex said:
> Are you one of the kids who @Trial was talking about?

No

Intel (Premium), posted December 25, 2022 (edited)

> 2 hours ago, Ulas said:
> No

(sorry)

Edited December 25, 2022 by Metin2 Dev (Core X - External 2 Internal)

Flourine, posted December 27, 2022 (edited)

In Poland we had nickname change bug abusers since 2016 or smth like that. Personally I fixed it in something like the end of 2k17.

Fix is done well, ty for sharing.

Edited December 27, 2022 by Flourine

bossy_max, posted January 2, 2023

Same problem exists in owsap pin.

Jira (Premium), posted January 8, 2023

Thanks, I'm so curious if it can be exploitable with net.SendChangeNamePacket